{"id":5768,"date":"2020-11-19T15:47:47","date_gmt":"2020-11-19T13:47:47","guid":{"rendered":"https:\/\/www.limilabs.com\/blog\/?p=5768"},"modified":"2024-03-28T16:05:25","modified_gmt":"2024-03-28T14:05:25","slug":"oauth2-password-grant-office365-exchange-imap-pop3-smtp","status":"publish","type":"post","link":"https:\/\/www.limilabs.com\/blog\/oauth2-password-grant-office365-exchange-imap-pop3-smtp","title":{"rendered":"OAuth 2.0 password grant with Office365\/Exchange IMAP\/POP3\/SMTP"},"content":{"rendered":"\n<div class=\"well\">\nIn this series:\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"https:\/\/www.limilabs.com\/blog\/oauth2-office365-exchange-imap-pop3-smtp\">OAuth 2.0 with Office365\/Exchange IMAP\/POP3\/SMTP<\/a><\/li>\n\n<li><a href=\"https:\/\/www.limilabs.com\/blog\/oauth2-web-flow-office365-exchange-imap-pop3-smtp\">OAuth 2.0 web flow with Office365\/Exchange IMAP\/POP3\/SMTP<\/a><\/li>\n\n<li>OAuth 2.0 password grant with Office365\/Exchange IMAP\/POP3\/SMTP<\/li>\n\n<li><a href=\"https:\/\/www.limilabs.com\/blog\/oauth2-device-flow-office365-exchange-imap-pop3-smtp\">OAuth 2.0 device flow with Office365\/Exchange IMAP\/POP3\/SMTP<\/a><\/li>\n\n<li><a href=\"oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp\">OAuth 2.0 client credential flow with Office365\/Exchange IMAP\/POP3\/SMTP<\/a><\/li>\n\n<\/ul><\/div>\n\n\n\n<p>This article shows how to implement OAuth 2.0 password grant flow to access Office365 via IMAP, POP3 or SMTP using <a href=\"\/mail\" title=\"Mail.dll email client\">Mail.dll .NET email client<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enable email protocols<\/h2>\n\n\n\n<p><strong>Make sure IMAP\/POP3\/SMTP is enabled<\/strong> for your organization and mailbox:<br><a href=\"\/blog\/office365-enable-imap-pop3-smtp\" title=\"Enable IMAP\/POP3\/SMTP on Office365\">Enable IMAP\/POP3\/SMTP in Office 365<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Disable MFA for account<\/h2>\n\n\n\n<p>Password grant flow <strong>requires Multi-Factor Authentication (MFA) to be disabled for this mailbox<\/strong> &#8211; make also sure there are no Active Directory policies that match this account and require MFA (you can of course have policies that match all other accounts).<\/p>\n\n\n\n<p>Go to <a href=\"https:\/\/admin.microsoft.com\/\" title=\"\">Microsoft365 admin center<\/a>. Select <strong>Setup<\/strong> on the left menu and in the <strong>Sign-in and security <\/strong>section select <strong>Configure multifactor authentication (MFA)<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image.png\"><img loading=\"lazy\" decoding=\"async\" width=\"721\" height=\"368\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image.png\" alt=\"\" class=\"wp-image-6552\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image.png 721w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image-300x153.png 300w\" sizes=\"(max-width: 721px) 100vw, 721px\" \/><\/a><\/figure>\n\n\n\n<p>You can use <strong>per-user MFA<\/strong> or AD policies.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"873\" height=\"394\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image-1.png\" alt=\"\" class=\"wp-image-6553\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image-1.png 873w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image-1-300x135.png 300w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2023\/08\/image-1-768x347.png 768w\" sizes=\"(max-width: 873px) 100vw, 873px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Register and configure application<\/h2>\n\n\n\n<p><strong>Register your application<\/strong> in Azure Portal, here&#8217;s a detailed guide how to do that:<br><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/quickstart-register-app\">https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/quickstart-register-app<\/a> <\/p>\n\n\n\n<p>Enable additional flows:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"982\" height=\"560\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2020\/11\/image-4.png\" alt=\"\" class=\"wp-image-5774\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2020\/11\/image-4.png 982w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2020\/11\/image-4-300x171.png 300w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2020\/11\/image-4-768x438.png 768w\" sizes=\"(max-width: 982px) 100vw, 982px\" \/><\/figure>\n\n\n\n<p> Then you need to apply correct API permissions and grant the admin consent for your domain.  <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/03\/image-26.png\"><img loading=\"lazy\" decoding=\"async\" width=\"897\" height=\"481\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/03\/image-26.png\" alt=\"\" class=\"wp-image-6058\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/03\/image-26.png 897w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/03\/image-26-300x161.png 300w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/03\/image-26-768x412.png 768w\" sizes=\"(max-width: 897px) 100vw, 897px\" \/><\/a><\/figure><\/div>\n\n\n<p>\n\nIn the&nbsp;<strong>API permissions<\/strong> \/ <strong>Add a permission&nbsp;<\/strong>wizard, select&nbsp;<strong>Microsoft Graph<\/strong>&nbsp;and then&nbsp;<strong>Delegated permissions<\/strong>&nbsp;to find the following permission scopes listed:\n\n<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li> offline_access<\/li>\n\n\n\n<li> email<\/li>\n\n\n\n<li> IMAP.AccessAsUser.All <\/li>\n\n\n\n<li> POP.AccessAsUser.All <\/li>\n\n\n\n<li> SMTP.Send <\/li>\n<\/ul>\n\n\n\n<p> Remember to <strong>Grant admin consent<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/10\/image-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"901\" height=\"477\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/10\/image-1.png\" alt=\"\" class=\"wp-image-6339\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/10\/image-1.png 901w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/10\/image-1-300x159.png 300w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/10\/image-1-768x407.png 768w\" sizes=\"(max-width: 901px) 100vw, 901px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Obtain OAuth 2.0 token<\/h2>\n\n\n\n<p> Use&nbsp;Microsoft Authentication Library for .NET (MSAL.NET) nuget package to obtain an access token:<br> <a href=\"https:\/\/www.nuget.org\/packages\/Microsoft.Identity.Client\/\">https:\/\/www.nuget.org\/packages\/Microsoft.Identity.Client\/<\/a>  <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nstring clientId = &quot;Application (client) ID&quot;;\nstring tenantId = &quot;Directory (tenant) ID&quot;;\n\nstring userEmail = &quot;Username for mailbox&quot;;\nstring userPassword = &quot;Password for that user&quot;;\n\nIPublicClientApplication app = PublicClientApplicationBuilder\n    .Create(clientId)\n    .WithTenantId(tenantId)\n    .Build();\n\nvar scopes = new string&#x5B;] \n{\n    &quot;offline_access&quot;,\n    &quot;email&quot;,\n    &quot;https:\/\/outlook.office.com\/IMAP.AccessAsUser.All&quot;,\n    &quot;https:\/\/outlook.office.com\/POP.AccessAsUser.All&quot;,\n    &quot;https:\/\/outlook.office.com\/SMTP.Send&quot;,\n};\n<\/pre><\/div>\n\n\n<p>Now acquire an access token and a user name: <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nstring userName;\nstring accessToken;\n\nvar account = (await app.GetAccountsAsync()).FirstOrDefault();\n\ntry\n{\n    AuthenticationResult refresh = await app\n        .AcquireTokenSilent(scopes, account)\n        .ExecuteAsync();\n\n    userName = refresh.Account.Username;\n    accessToken = refresh.AccessToken;\n}\ncatch (MsalUiRequiredException e)\n{\n    SecureString securePassword = new SecureString();\n    foreach (char c in userPassword)\n    {\n        securePassword.AppendChar(c);\n    }\n\n    var result = await app.AcquireTokenByUsernamePassword(\n        scopes, \n        userEmail, \n        securePassword).ExecuteAsync();\n\n    userName = result.Account.Username;\n    accessToken = result.AccessToken;\n}\n\n<\/pre><\/div>\n\n\n<h2 class=\"wp-block-heading\">Install Mail.dll email library<\/h2>\n\n\n\n<p>The easiest way to install Mail.dll is to download it from nuget via Package Manager:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\nPM&gt; Install-Package Mail.dll\n<\/pre><\/div>\n\n\n<p>Alternatively you can&nbsp;<a href=\"https:\/\/www.limilabs.com\/mail\/download\">download Mail.dll directly<\/a>&nbsp;from our website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Download and process emails<\/h2>\n\n\n\n<p>Finally you can connect using IMAP\/POP3\/SMTP, authenticate and download user&#8217;s emails:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nusing (Imap client = new Imap())\n{\n    client.ConnectSSL(&quot;outlook.office365.com&quot;);\n    client.LoginOAUTH2(userName, accessToken);\n \n    client.SelectInbox();\n\n    List&lt;long&gt; uids = imap.Search(Flag.Unseen);\n    foreach (long uid in uids)\n    {\n        IMail email = new MailBuilder()\n                .CreateFromEml(imap.GetMessageByUID(uid));\n        string subject = email.Subject;\n   }\n\n    client.Close();\n} \n<\/pre><\/div>\n\n\n<p><\/p>\n\n\n\n<br \/>\n<a class=\"btn btn-primary btn-largest btn-action\" href=\"\/mail\/download\">Get Mail.dll<\/a>\n<br \/>\n","protected":false},"excerpt":{"rendered":"<p>In this series: &nbsp; OAuth 2.0 with Office365\/Exchange IMAP\/POP3\/SMTP OAuth 2.0 web flow with Office365\/Exchange IMAP\/POP3\/SMTP OAuth 2.0 password grant with Office365\/Exchange IMAP\/POP3\/SMTP OAuth 2.0 device flow with Office365\/Exchange IMAP\/POP3\/SMTP OAuth 2.0 client credential flow with Office365\/Exchange IMAP\/POP3\/SMTP This article shows how to implement OAuth 2.0 password grant flow to access Office365 via IMAP, POP3 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[28,84,122,42,50],"class_list":["post-5768","post","type-post","status-publish","format-standard","hentry","category-mail-dll","tag-imap","tag-oauth-2-0","tag-office365","tag-pop3","tag-smtp"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/5768"}],"collection":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/comments?post=5768"}],"version-history":[{"count":31,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/5768\/revisions"}],"predecessor-version":[{"id":6619,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/5768\/revisions\/6619"}],"wp:attachment":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/media?parent=5768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/categories?post=5768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/tags?post=5768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}